diff -r 07239de796bb -r e756a8c72c3d cms/drupal/modules/simpletest/tests/password.test --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/cms/drupal/modules/simpletest/tests/password.test Fri Sep 08 12:04:06 2017 +0200 @@ -0,0 +1,81 @@ + 'Password hashing', + 'description' => 'Password hashing unit tests.', + 'group' => 'System', + ); + } + + function setUp() { + require_once DRUPAL_ROOT . '/' . variable_get('password_inc', 'includes/password.inc'); + parent::setUp(); + } + + /** + * Test password hashing. + */ + function testPasswordHashing() { + // Set a log2 iteration count that is deliberately out of bounds to test + // that it is corrected to be within bounds. + variable_set('password_count_log2', 1); + // Set up a fake $account with a password 'baz', hashed with md5. + $password = 'baz'; + $account = (object) array('name' => 'foo', 'pass' => md5($password)); + // The md5 password should be flagged as needing an update. + $this->assertTrue(user_needs_new_hash($account), 'User with md5 password needs a new hash.'); + // Re-hash the password. + $old_hash = $account->pass; + $account->pass = user_hash_password($password); + $this->assertIdentical(_password_get_count_log2($account->pass), DRUPAL_MIN_HASH_COUNT, 'Re-hashed password has the minimum number of log2 iterations.'); + $this->assertTrue($account->pass != $old_hash, 'Password hash changed.'); + $this->assertTrue(user_check_password($password, $account), 'Password check succeeds.'); + // Since the log2 setting hasn't changed and the user has a valid password, + // user_needs_new_hash() should return FALSE. + $this->assertFalse(user_needs_new_hash($account), 'User does not need a new hash.'); + // Increment the log2 iteration to MIN + 1. + variable_set('password_count_log2', DRUPAL_MIN_HASH_COUNT + 1); + $this->assertTrue(user_needs_new_hash($account), 'User needs a new hash after incrementing the log2 count.'); + // Re-hash the password. + $old_hash = $account->pass; + $account->pass = user_hash_password($password); + $this->assertIdentical(_password_get_count_log2($account->pass), DRUPAL_MIN_HASH_COUNT + 1, 'Re-hashed password has the correct number of log2 iterations.'); + $this->assertTrue($account->pass != $old_hash, 'Password hash changed again.'); + // Now the hash should be OK. + $this->assertFalse(user_needs_new_hash($account), 'Re-hashed password does not need a new hash.'); + $this->assertTrue(user_check_password($password, $account), 'Password check succeeds with re-hashed password.'); + } + + /** + * Verifies that passwords longer than 512 bytes are not hashed. + */ + public function testLongPassword() { + $password = str_repeat('x', 512); + $result = user_hash_password($password); + $this->assertFalse(empty($result), '512 byte long password is allowed.'); + $password = str_repeat('x', 513); + $result = user_hash_password($password); + $this->assertFalse($result, '513 byte long password is not allowed.'); + // Check a string of 3-byte UTF-8 characters. + $password = str_repeat('€', 170); + $result = user_hash_password($password); + $this->assertFalse(empty($result), '510 byte long password is allowed.'); + $password .= 'xx'; + $this->assertFalse(empty($result), '512 byte long password is allowed.'); + $password = str_repeat('€', 171); + $result = user_hash_password($password); + $this->assertFalse($result, '513 byte long password is not allowed.'); + } +}